Research results emanating from Cardiff University suggest that three million online customers of HSBC Bank may be vulnerable to fraudulent attacks on their accounts.

It is alleged that this is due to the bank failing to patch a security vulnerability known to it for the past two years. Customers are allegedly being targeted by cyber criminals using ‘key loggers’ to capture data, access online accounts at a later date and steal funds. Here, Andrew Moloney of RSA Security offers his views on the research findings.

Sir – HSBC has been heavily criticised for not addressing this alleged flaw in its data security policies, but I don’t believe any such criticism holds water. No banks’ systems are 100% secure and, even if every flaw were patched immediately, this wouldn’t mean that online banking users are safe from fraudsters. Far from it, in fact.

Online fraud attacks rarely rely on technology flaws. They flourish due to the one flaw that cannot be addressed by a security patch – the end user. This means deploying proactive measures to thwart online fraud attacks before they proliferate, and using technology that’s intelligent enough to recognise anomalies and inconsistencies in a user’s online behaviour. User education, of course, is also crucial.

We work with most of the financial institutions in the UK, and one thing is abundantly clear – they are putting up a concerted fight against online fraud.

Banks like HSBC have to prioritise and devote their efforts to employing the most effective forms of defence against online fraud. Just ‘patching’ flaws isn’t the answer.

Andrew Moloney, Senior Product Manager, RSA Security